From 10ffd01a2e2b2ec952a34c1c008f8e15e8653dca Mon Sep 17 00:00:00 2001
From: Ajurna <ajurna@gmail.com>
Date: Tue, 4 May 2021 09:21:13 +0100
Subject: [PATCH] adding csp

---
 cbreader/settings/base.py             |  3 ++-
 comic/templates/comic/comic_list.html |  6 +++---
 comic/templates/comic/read_comic.html |  4 ++--
 pyproject.toml                        |  2 +-
 static/js/comic_list.js               |  2 +-
 static/js/read_comic.js               | 10 +++++++++-
 static/js/read_comic.min.js           |  2 +-
 7 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/cbreader/settings/base.py b/cbreader/settings/base.py
index 168c4e3..a1792b7 100644
--- a/cbreader/settings/base.py
+++ b/cbreader/settings/base.py
@@ -152,4 +152,5 @@ CSP_IMG_SRC = ("'self'", "data:")
 CSP_FONT_SRC = ("'self'")
 CSP_SCRIPT_SRC = ("'self'", 'code.jquery.com', 'cdn.jsdelivr.net', 'cdn.datatables.net')
 CSP_CONNECT_SRC = ("'self'")
-CSP_INCLUDE_NONCE_IN = ['script-src']
\ No newline at end of file
+CSP_INCLUDE_NONCE_IN = ['script-src']
+CSP_SCRIPT_SRC_ATTR = ("'self'", "'unsafe-inline'")
\ No newline at end of file
diff --git a/comic/templates/comic/comic_list.html b/comic/templates/comic/comic_list.html
index ed7cfea..6ad40cd 100644
--- a/comic/templates/comic/comic_list.html
+++ b/comic/templates/comic/comic_list.html
@@ -38,12 +38,12 @@
                 {% endif %}
 
                     {% if file.obj.thumbnail %}
-                    <img src="{{file.obj.thumbnail.url}}" class="card-img-top" alt="{{ file.name }}" onerror="this.onerror=null;this.src='{% static "img/placeholder.png" %}';">
+                    <img src="{{file.obj.thumbnail.url}}" class="card-img-top" alt="{{ file.name }}" alt_src="{% static "/img/placeholder.png" %}" onerror="this.onerror=null;this.src=this.getAttribute('alt_src');">
                     {% else %}
                         {% if file.item_type == 'Directory' %}
-                            <img src="{% url 'directory_thumbnail' file.selector %}" class="card-img-top" alt="{{ file.name }}" onerror="this.onerror=null;this.src='{% static "img/placeholder.png" %}';">
+                            <img src="{% url 'directory_thumbnail' file.selector %}" class="card-img-top" alt="{{ file.name }}" alt_src="{% static "/img/placeholder.png" %}" onerror="this.onerror=null;this.src=this.getAttribute('alt_src');">
                         {% elif file.item_type == 'ComicBook' %}
-                            <img src="{% url 'comic_thumbnail' file.selector %}" class="card-img-top" alt="{{ file.name }}" onerror="this.onerror=null;this.src='{% static "img/placeholder.png" %}';">
+                            <img src="{% url 'comic_thumbnail' file.selector %}" class="card-img-top" alt="{{ file.name }}" alt_src="{% static "/img/placeholder.png" %}" onerror="this.onerror=null;this.src=this.getAttribute('alt_src');">
                         {% endif %}
                     {% endif %}
                 </a>
diff --git a/comic/templates/comic/read_comic.html b/comic/templates/comic/read_comic.html
index 402e7b4..f549912 100644
--- a/comic/templates/comic/read_comic.html
+++ b/comic/templates/comic/read_comic.html
@@ -6,13 +6,13 @@
 
 
         <div class="reveal" id="comic_box">
-			<div class="slides" onclick="nextPage()">
+			<div id="slides_div" class="slides">
                 {% for page in pages %}
 				<section data-menu-title="{{ page.page_file_name }}">
                     {% if page.content_type|first in 'image' %}
                         <img data-src="{% url "get_image" nav.cur_path page.index %}" class=" w-100"  alt="{{ page.page_file_name }}">
                     {% else %}
-                        <p><embed type="{{ page.content_type }}" src="{% url "get_image" nav.cur_path page.index %}" onclick="nextPage()"></p>
+                        <p><embed class="comic_embed" type="{{ page.content_type }}" src="{% url "get_image" nav.cur_path page.index %}"></p>
                     {% endif %}
                 </section>
                 {% endfor %}
diff --git a/pyproject.toml b/pyproject.toml
index 0b56baf..cbc58ec 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -3,7 +3,7 @@ line_length = 119
 
 [tool.poetry]
 name = "cbwebreader"
-version = "0.2.1"
+version = "0.3.0"
 description = "CBR/Z Web Reader"
 authors = ["ajurna <ajurna@gmail.com>"]
 license = "Creative Commons Attribution-ShareAlike 4.0 International License"
diff --git a/static/js/comic_list.js b/static/js/comic_list.js
index bf2abbc..9dfac8b 100644
--- a/static/js/comic_list.js
+++ b/static/js/comic_list.js
@@ -83,4 +83,4 @@ comic_action_elements.forEach(el => el.addEventListener('click', event => {
     let item_type = target.attr('itemtype')
     let action = target.attr('comic_action')
     comic_action(selector, item_type, action)
-}));
\ No newline at end of file
+}));
diff --git a/static/js/read_comic.js b/static/js/read_comic.js
index 49f08dc..20514cc 100644
--- a/static/js/read_comic.js
+++ b/static/js/read_comic.js
@@ -59,4 +59,12 @@ function nextPage() {
     } else {
         Reveal.next()
     }
-}
\ No newline at end of file
+}
+let slides_div = document.getElementById('slides_div')
+slides_div.addEventListener('click', nextPage)
+
+let embeds = document.getElementsByClassName('comic_embed')
+
+embeds.forEach(function (embed){
+    embed.addEventListener('click', nextPage)
+})
diff --git a/static/js/read_comic.min.js b/static/js/read_comic.min.js
index fa7ca8a..69a0836 100644
--- a/static/js/read_comic.min.js
+++ b/static/js/read_comic.min.js
@@ -1 +1 @@
-const nav=JSON.parse(document.getElementById("nav").textContent);const last_read_page=JSON.parse(document.getElementById("last_read_page").textContent);Reveal.initialize({controls:false,hash:true,width:"100%",height:"100%",margin:0,minScale:1,maxScale:1,disableLayout:true,progress:true,keyboard:{37:()=>{prevPage()},39:()=>{nextPage()},38:()=>{window.scrollTo({top:window.scrollY-window.innerHeight*.6,left:0,behavior:"smooth"})},40:()=>{window.scrollTo({top:window.scrollY+window.innerHeight*.6,left:0,behavior:"smooth"})}},touch:false,transition:"slide",plugins:[RevealMenu]}).then(()=>{Reveal.slide(last_read_page)});Reveal.on("slidechanged",event=>{setTimeout(()=>{document.getElementsByClassName("slides")[0].scrollIntoView({behavior:"smooth"})},100);$.ajax({url:"/comic/set_page/"+nav.cur_path+"/"+event.indexh+"/"})});const hammertime=new Hammer(document.getElementById("comic_box"),{});hammertime.on("swipeleft",function(ev){if(Reveal.isLastSlide()){window.location="/comic/read/"+nav.next_path+"/"}else{Reveal.next()}});hammertime.on("swiperight",function(ev){if(Reveal.isFirstSlide()){window.location="/comic/read/"+nav.prev_path+"/"}else{Reveal.prev()}});function prevPage(){if(Reveal.isFirstSlide()){window.location="/comic/read/"+nav.prev_path+"/"}else{Reveal.prev()}}function nextPage(){if(Reveal.isLastSlide()){window.location="/comic/read/"+nav.next_path+"/"}else{Reveal.next()}}
\ No newline at end of file
+const nav=JSON.parse(document.getElementById("nav").textContent);const last_read_page=JSON.parse(document.getElementById("last_read_page").textContent);Reveal.initialize({controls:false,hash:true,width:"100%",height:"100%",margin:0,minScale:1,maxScale:1,disableLayout:true,progress:true,keyboard:{37:()=>{prevPage()},39:()=>{nextPage()},38:()=>{window.scrollTo({top:window.scrollY-window.innerHeight*.6,left:0,behavior:"smooth"})},40:()=>{window.scrollTo({top:window.scrollY+window.innerHeight*.6,left:0,behavior:"smooth"})}},touch:false,transition:"slide",plugins:[RevealMenu]}).then(()=>{Reveal.slide(last_read_page)});Reveal.on("slidechanged",event=>{setTimeout(()=>{document.getElementsByClassName("slides")[0].scrollIntoView({behavior:"smooth"})},100);$.ajax({url:"/comic/set_page/"+nav.cur_path+"/"+event.indexh+"/"})});const hammertime=new Hammer(document.getElementById("comic_box"),{});hammertime.on("swipeleft",function(ev){if(Reveal.isLastSlide()){window.location="/comic/read/"+nav.next_path+"/"}else{Reveal.next()}});hammertime.on("swiperight",function(ev){if(Reveal.isFirstSlide()){window.location="/comic/read/"+nav.prev_path+"/"}else{Reveal.prev()}});function prevPage(){if(Reveal.isFirstSlide()){window.location="/comic/read/"+nav.prev_path+"/"}else{Reveal.prev()}}function nextPage(){if(Reveal.isLastSlide()){window.location="/comic/read/"+nav.next_path+"/"}else{Reveal.next()}}let slides_div=document.getElementById("slides_div");slides_div.addEventListener("click",nextPage);let embeds=document.getElementsByClassName("comic_embed");embeds.forEach(function(embed){embed.addEventListener("click",nextPage)});
\ No newline at end of file